US8447781B2 - Content-based file system security - Google Patents

Content-based file system security Download PDF

Info

Publication number
US8447781B2
US8447781B2 US11/192,480 US19248005A US8447781B2 US 8447781 B2 US8447781 B2 US 8447781B2 US 19248005 A US19248005 A US 19248005A US 8447781 B2 US8447781 B2 US 8447781B2
Authority
US
United States
Prior art keywords
user
file
directory
file system
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US11/192,480
Other versions
US20070027873A1 (en
Inventor
Michael Factor
Benjamin Mandler
Naama Kraus
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US11/192,480 priority Critical patent/US8447781B2/en
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KRAUS, NAAMA, FACTOR, MICHAEL, MANDLER, BENJAMIN
Publication of US20070027873A1 publication Critical patent/US20070027873A1/en
Application granted granted Critical
Publication of US8447781B2 publication Critical patent/US8447781B2/en
Application status is Active legal-status Critical
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/188Virtual file systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy

Abstract

A method for enforcing computer-based file system security, the method comprising generating a content-based file system from files in a physical file system, and enforcing a user access right to any aspect of the content-based file system, where the user access right derives from a user access right to a file in the physical file system.

Description

FIELD OF THE INVENTION

The present invention relates to computer file system security in general, and more particularly to security for content-based computer file systems.

BACKGROUND OF THE INVENTION

The enormous growth in the amount and types of digital information stored in computer file systems has led to new paradigms for representing information to computer users that go beyond the traditional hierarchical directory structure of physical file systems. One new metaphor used to represent file system information is the “content-based” file system, where a directory structure is built using “virtual directories” that are based on characteristics of the files in the file system, such as file content, structure, and metadata. For example, in a content-based file system, files containing information about employees who received a $50,000 bonus might reside in the virtual directory path “/employees/employee/bonus/50000” that may then be traversed to access the files.

In physical file systems that implement the traditional hierarchical directory structure, access security is often implemented at the file or directory level, where information is maintained regarding a user's right to access a file or directory. Thus, a user who does not have rights to a particular file or directory is typically precluded from accessing the file or directory, receiving information regarding the file or directory, or even from “seeing” the file or directory itself. Unfortunately, in a content-based file system, the very knowledge of the existence of a virtual directory may allow a user to deduce information about the content of files in the file system. Also, the very knowledge of the existence of a file under some virtual directory allows a user to deduce information about the content of that particular file. In both cases, a user may deduce information about the content of files without actually opening and reading the files. For example, the existence of the virtual directory path “/employees/employee/bonus/50000” indicates the existence of one or more files containing information about one or more employees whose bonus was $50,000. In addition, the existence of the file “Filel.doc” under the directory “/employees/employee/bonus/5000” indicates that the Filel.doc contains information about the fact that some employee's bonus was $50,000. Furthermore, in a content-based file system directories are typically not generated in advance, but rather are generated in response to user requests to traverse the virtual directory tree, thus precluding the use of conventional directory-level access security. It would therefore be advantageous to enforce user rights in a content-based file system that does not require knowing each possible virtual directory in advance and that withholds information from users that they are not authorized to have.

SUMMARY OF THE INVENTION

The present invention discloses a system and method for applying physical file system security rights when constructing a content-based file system, whereby user rights in the content-based file system are enforced by:

    • allowing a user to see a file in a virtual directory only if the user has the right to read that file; and
    • allowing a user to see a virtual directory only where the virtual directory derives from a file that the user has permission to read.

A separate content-based directory tree is typically created for each user where each user is provided with a unique virtual root access directory for navigating the tree and for which the user preferably has sole access.

In one aspect of the present invention a method is provided for enforcing computer-based file system security, the method including generating a content-based file system from files in a physical file system, and enforcing a user access right to any aspect of the content-based file system, where the user access right derives from a user access right to a file in the physical file system.

In another aspect of the present invention the enforcing step includes providing a user with access to a virtual directory in the content-based file system only if the virtual directory is derived from a file which the user has permission to read.

In another aspect of the present invention the enforcing step includes providing a user with access to a file in the content-based file system only if the user has permission to read the file in the physical file system.

In another aspect of the present invention a method is provided for enforcing computer-based file system security, the method including receiving a request associated with a user to access a directory in a file system, and providing the user with access to the directory only if the directory is associated with a file which the user has permission to read.

In another aspect of the present invention the method further includes generating the directory as a virtual directory in a content-based file system.

In another aspect of the present invention the generating step includes deriving the virtual directory from the file in a physical file system.

In another aspect of the present invention the providing step includes providing the access where the user has permission to read the file in a physical file system.

In another aspect of the present invention the providing step includes providing the access where the directory or a descendant subdirectory thereof is derived from the file.

In another aspect of the present invention a system is provided for enforcing computer-based file system security, the system including apparatus operative to generate a content-based file system from files in a physical file system, and apparatus operative to enforce a user access right to any aspect of the content-based file system, where the user access right derives from a user access right to a file in the physical file system.

In another aspect of the present invention the enforcement apparatus is operative to provide a user with access to a virtual directory in the content-based file system only if the virtual directory is derived from a file which the user has permission to read.

In another aspect of the present invention the enforcement apparatus is operative to provide a user with access to a file in the content-based file system only if the user has permission to read the file in the physical file system.

In another aspect of the present invention the system further includes apparatus operative to receive a request associated with a user to access a directory in the content-based file system, where the enforcement apparatus is operative to provide the user with access to the directory only if the directory is associated with a file which the user has permission to read.

In another aspect of the present invention the generation apparatus is operative to generate the directory as a virtual directory in a content-based file system.

In another aspect of the present invention the generation apparatus is operative to derive the virtual directory from the file in a physical file system.

In another aspect of the present invention the enforcement apparatus is operative to provide the access where the user has permission to read the file in a physical file system.

In another aspect of the present invention the enforcement apparatus is operative to provide the access where the directory or a descendant subdirectory thereof is derived from the file.

In another aspect of the present invention a computer-implemented program is provided embodied on a computer-readable medium, the computer program including a first code segment operative to generate a content-based file system from files in a physical file system, and a first code segment operative to enforce a user access right to any aspect of the content-based file system, where the user access right derives from a user access right to a file in the physical file system.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will be understood and appreciated more fully from the following detailed description taken in conjunction with the appended drawings in which:

FIG. 1 is a simplified block-diagram illustration of an exemplary system for applying physical file system security rights when constructing a content-based file system, constructed and operative in accordance with a preferred embodiment of the present invention;

FIGS. 2A and 2B are simplified flowchart illustrations of an exemplary method of operation of the system of FIG. 1, operative in accordance with a preferred embodiment of the present invention; and

FIG. 3 is a simplified graphical illustration of an exemplary implementation of virtual directories, constructed and operative in accordance with a preferred embodiment of the present invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

Reference is now made to FIG. 1, which is a simplified conceptual illustration of an exemplary system for applying physical file system security rights when constructing a content-based file system, constructed and operative in accordance with a preferred embodiment of the present invention. In the system of FIG. 1 a physical file system 100 resides on or is accessible to a computer 102. Physical file system 100 is shown having one or more files located in the root directory or one or more directories below the root directory. Physical file system 100 is also shown maintaining access control information in accordance with conventional techniques indicating a level of access that a user X has for each file and directory. In the example shown, user X is shown as having “read” rights, designated with an “R”, for FILE1, FILE2, FILE3, FILE5, and FILE6, as well as for the directory DIR-1. An “NR” indicated that user X has no read rights with respect to FILE4 and directory DIR-2. In one implementation, although user X has read rights to FILE5 and FILE6, since they reside in DIR-2 for which user X has no read rights, the access control rights of DIR-2 are applied to files and directories below DIR-2, thus preventing user X from reading FILE5 and FILE6.

A content-based file system 104 is constructed by or for computer 102 using content-based file system construction techniques, such as but not limited to the techniques that are described in “Semantic File Systems”, by Gifford et al., Programming Systems Research Group, MIT Laboratory for Compute Science, Proceedings of the 13th ACM Symposium on Operating Systems Principles, 1991, where virtual directories are constructed from information associated with files, such as file metadata or information within a file. In accordance with the present invention, the access control rights of physical file system 100 are enforced during the construction of content-based file system 104, whereby a user is provided access to a file in a virtual directory only if the user has the right to read that file, and a user is provided access to a virtual directory only where the virtual directory was constructed using information associated with a file that the user has permission to read. Such access may include receiving a listing of a file or directory name or any other known type of access. A separate content-based directory tree is typically created for each user, where each user is provided with a unique virtual root access directory for navigating the tree and for which the user preferably has sole access.

Thus, in the example shown in FIG. 1, user X is provided with a virtual root directory under which appear virtual directories DIR-A, DIR-B, and DIR-C. DIR-A is shown having been derived from information associated with FILE1 and FILE6. Since user X has read rights to FILE1, DIR-A is visible to user X, as is FILE1, while FILE6 is hidden from user X since user X has no read right to FILE6 in physical file system 100 owing to user X having no read right to DIR-2. DIR-B is shown having been derived from information associated with FILE4. Since user X has no read rights to FILE4, DIR-B is hidden from user X, as is FILE4. DIR-C is shown having been derived from information associated with FILE2, FILE3, and FILE5. Since user X has read rights to FILE2 and FILE3, DIR-C is visible to user X, while FILE5 is hidden from user X.

Reference is now made to FIGS. 2A and 2B, which are simplified flowchart illustrations of an exemplary method of operation of the system of FIG. 1, operative in accordance with a preferred embodiment of the present invention. In the method of FIGS. 2A and 2B a user is provided access to a content-based file system, such as to a virtual root directory that is unique to the user. One or more candidate virtual directories are then generated within the currently-accessed virtual directory based on files found in a physical file system. Each candidate virtual directory in the currently-accessed virtual directory is then evaluated to determine if the candidate virtual directory derives from a file in the physical file system for which the user has read rights. If so, the user may be granted access to the candidate virtual directory, such as by being shown the name of the candidate virtual directory, whereupon the user may traverse or otherwise interact with the candidate virtual directory. If not, access to the candidate virtual directory is withheld from the user. Each file identified in the currently-accessed virtual directory may also be evaluated to determine if the user has permission in the physical file system to read the file. If so, the user may be granted access to the file, such as by being shown the name of the file, whereupon the user may read or otherwise interact with the file.

Reference is now made to FIG. 3, which is a simplified graphical illustration of an exemplary implementation of virtual directories, constructed and operative in accordance with a preferred embodiment of the present invention. In the FIG. 3 each user 300, 302, 304 is provided with a corresponding unique virtual root access directory 300′, 302′, 304′ for navigating content-based virtual directory file system 104. Each access directory may be represented by the name of the user to which it belongs, and is preferably provided for the sole access of the user. Whenever the root of the content-based file system is read by a user, computer 102 preferably returns the unique access directory belonging to that user, under which appear any virtual directories that may be shown to the user. In this manner file systems that cache directory content and service file system queries from cache in order to improve performance will avoid providing to one user the cached result set of another user which might otherwise be the case without the notion of results belonging to a specific user. It is appreciated that conventional techniques may be used to hide the existence of the access directory from the user or from a user application, skipping directly to a virtual directory under the user's access directory without revealing the existence of the access directory.

It is appreciated that one or more of the steps of any of the methods described herein may be omitted or carried out in a different order than that shown, without departing from the true spirit and scope of the invention.

While the methods and apparatus disclosed herein may or may not have been described with reference to specific computer hardware or software, it is appreciated that the methods and apparatus described herein may be readily implemented in computer hardware or software using conventional techniques.

While the present invention has been described with reference to one or more specific embodiments, the description is intended to be illustrative of the invention as a whole and is not to be construed as limiting the invention to the embodiments shown. It is appreciated that various modifications may occur to those skilled in the art that, while not specifically shown herein, are nevertheless within the true spirit and scope of the invention.

Claims (5)

What is claimed is:
1. A method for enforcing computer-based file system security, the method comprising:
receiving a request associated with a user to access a directory in a file system;
determining if said directory includes at least one file for which said user has a read right; and
providing said user with access to said directory only if at least one file is found in said directory for which said user has a read right.
2. A method according to claim 1 and further comprising generating said directory as a virtual directory in a content-based file system.
3. A method according to claim 2 wherein said generating step comprises deriving said virtual directory from said file in a physical file system.
4. A method according to claim 1 wherein said providing step comprises providing said access where said user has permission to read said file in a physical file system.
5. A method according to claim 1 wherein said providing step comprises providing said access where said directory or a descendant subdirectory thereof is derived from said file.
US11/192,480 2005-07-29 2005-07-29 Content-based file system security Active 2029-09-06 US8447781B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/192,480 US8447781B2 (en) 2005-07-29 2005-07-29 Content-based file system security

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/192,480 US8447781B2 (en) 2005-07-29 2005-07-29 Content-based file system security
CNB2006100935565A CN100456311C (en) 2005-07-29 2006-06-26 System and method for actualizing content-based file system security

Publications (2)

Publication Number Publication Date
US20070027873A1 US20070027873A1 (en) 2007-02-01
US8447781B2 true US8447781B2 (en) 2013-05-21

Family

ID=37674163

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/192,480 Active 2029-09-06 US8447781B2 (en) 2005-07-29 2005-07-29 Content-based file system security

Country Status (2)

Country Link
US (1) US8447781B2 (en)
CN (1) CN100456311C (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006051037A1 (en) 2004-11-09 2006-05-18 Thomson Licensing Bonding contents on separate storage media
US8161546B2 (en) * 2007-02-28 2012-04-17 Red Hat, Inc. Partitioning data on a smartcard dependent on entered password
JP4807330B2 (en) 2007-06-15 2011-11-02 富士ゼロックス株式会社 Document processing apparatus and program
CN100571159C (en) 2007-09-21 2009-12-16 华为技术有限公司 Method and apparatus for managing multi-work space contents
JP5046881B2 (en) * 2007-11-16 2012-10-10 キヤノン株式会社 Information processing apparatus, display control method, and program
JP5406044B2 (en) * 2007-12-17 2014-02-05 パナソニック株式会社 Recording medium, recording device, playback device, and methods used for individual sales
US20100169395A1 (en) * 2008-12-26 2010-07-01 Sandisk Il Ltd. Device and method for filtering a file system
US8166067B2 (en) * 2008-12-26 2012-04-24 Sandisk Il Ltd. Method and apparatus for providing access to files based on user identity
US8239395B2 (en) * 2008-12-26 2012-08-07 Sandisk Il Ltd. Storage device presenting to hosts only files compatible with a defined host capability
US8943409B2 (en) * 2008-12-26 2015-01-27 Sandisk Il Ltd. Storage device managing playable content
US8869299B2 (en) * 2009-03-04 2014-10-21 Titus Inc. Method and system for generating trusted security labels for electronic documents
US8407805B2 (en) 2009-03-04 2013-03-26 Titus Inc. Method and system for classifying and redacting segments of electronic documents
US8332350B2 (en) 2009-04-08 2012-12-11 Titus Inc. Method and system for automated security access policy for a document management system
CN102722500B (en) * 2011-03-31 2017-03-15 中国电信股份有限公司 A virtual file system and its implementation method
US8627104B2 (en) 2011-04-28 2014-01-07 Absio Corporation Secure data storage

Citations (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5388257A (en) * 1991-07-24 1995-02-07 At&T Corp. Method and apparatus for operating a computer based file system
US5519865A (en) 1993-07-30 1996-05-21 Mitsubishi Denki Kabushiki Kaisha System and method for retrieving and classifying data stored in a database system
US5832470A (en) 1994-09-30 1998-11-03 Hitachi, Ltd. Method and apparatus for classifying document information
US5873085A (en) * 1995-11-20 1999-02-16 Matsushita Electric Industrial Co. Ltd. Virtual file management system
US6009439A (en) 1996-07-18 1999-12-28 Matsushita Electric Industrial Co., Ltd. Data retrieval support apparatus, data retrieval support method and medium storing data retrieval support program
US6014662A (en) 1997-11-26 2000-01-11 International Business Machines Corporation Configurable briefing presentations of search results on a graphical interface
US6208991B1 (en) 1998-08-26 2001-03-27 International Business Machines Corporation Dynamic file mapping for network computers
US20020097278A1 (en) 2001-01-25 2002-07-25 Benjamin Mandler Use of special directories for encoding semantic information in a file system
US20020124006A1 (en) 2000-12-28 2002-09-05 Parnell Todd C. Classification based content management system
US6519571B1 (en) 1999-05-27 2003-02-11 Accenture Llp Dynamic customer profile management
US20040093328A1 (en) 2001-02-08 2004-05-13 Aditya Damle Methods and systems for automated semantic knowledge leveraging graph theoretic analysis and the inherent structure of communication
US20040098379A1 (en) 2002-11-19 2004-05-20 Dan Huang Multi-indexed relationship media organization system
US20040103102A1 (en) 2002-11-27 2004-05-27 International Business Machines Corporation System and method for automatically linking items with multiple attributes to multiple levels of folders within a content management system
US6745206B2 (en) 2000-06-05 2004-06-01 International Business Machines Corporation File system with access and retrieval of XML documents
US20040128615A1 (en) 2002-12-27 2004-07-01 International Business Machines Corporation Indexing and querying semi-structured documents
US6766314B2 (en) 2001-04-05 2004-07-20 International Business Machines Corporation Method for attachment and recognition of external authorization policy on file system resources
US20050131955A1 (en) * 2003-12-10 2005-06-16 Veritas Operating Corporation System and method for providing programming-language-independent access to file system content
US20060036568A1 (en) * 2003-03-24 2006-02-16 Microsoft Corporation File system shell
US7024427B2 (en) * 2001-12-19 2006-04-04 Emc Corporation Virtual file system
US20070022091A1 (en) * 2005-07-20 2007-01-25 Scriptlogic Corporation Access based file system directory enumeration
US7194478B2 (en) * 2002-11-12 2007-03-20 Hewlett-Packard Development Company, L.P. Virtual process file systems and methods therefor

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1570934A (en) 2003-07-23 2005-01-26 杨长锋 File security management system

Patent Citations (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5388257A (en) * 1991-07-24 1995-02-07 At&T Corp. Method and apparatus for operating a computer based file system
US5519865A (en) 1993-07-30 1996-05-21 Mitsubishi Denki Kabushiki Kaisha System and method for retrieving and classifying data stored in a database system
US5832470A (en) 1994-09-30 1998-11-03 Hitachi, Ltd. Method and apparatus for classifying document information
US5873085A (en) * 1995-11-20 1999-02-16 Matsushita Electric Industrial Co. Ltd. Virtual file management system
US6009439A (en) 1996-07-18 1999-12-28 Matsushita Electric Industrial Co., Ltd. Data retrieval support apparatus, data retrieval support method and medium storing data retrieval support program
US6014662A (en) 1997-11-26 2000-01-11 International Business Machines Corporation Configurable briefing presentations of search results on a graphical interface
US6208991B1 (en) 1998-08-26 2001-03-27 International Business Machines Corporation Dynamic file mapping for network computers
US6519571B1 (en) 1999-05-27 2003-02-11 Accenture Llp Dynamic customer profile management
US6745206B2 (en) 2000-06-05 2004-06-01 International Business Machines Corporation File system with access and retrieval of XML documents
US20020124006A1 (en) 2000-12-28 2002-09-05 Parnell Todd C. Classification based content management system
US20020097278A1 (en) 2001-01-25 2002-07-25 Benjamin Mandler Use of special directories for encoding semantic information in a file system
US20040093328A1 (en) 2001-02-08 2004-05-13 Aditya Damle Methods and systems for automated semantic knowledge leveraging graph theoretic analysis and the inherent structure of communication
US6766314B2 (en) 2001-04-05 2004-07-20 International Business Machines Corporation Method for attachment and recognition of external authorization policy on file system resources
US7024427B2 (en) * 2001-12-19 2006-04-04 Emc Corporation Virtual file system
US7194478B2 (en) * 2002-11-12 2007-03-20 Hewlett-Packard Development Company, L.P. Virtual process file systems and methods therefor
US20040098379A1 (en) 2002-11-19 2004-05-20 Dan Huang Multi-indexed relationship media organization system
US20040103102A1 (en) 2002-11-27 2004-05-27 International Business Machines Corporation System and method for automatically linking items with multiple attributes to multiple levels of folders within a content management system
US20040128615A1 (en) 2002-12-27 2004-07-01 International Business Machines Corporation Indexing and querying semi-structured documents
US20060036568A1 (en) * 2003-03-24 2006-02-16 Microsoft Corporation File system shell
US20050131955A1 (en) * 2003-12-10 2005-06-16 Veritas Operating Corporation System and method for providing programming-language-independent access to file system content
US20070022091A1 (en) * 2005-07-20 2007-01-25 Scriptlogic Corporation Access based file system directory enumeration

Non-Patent Citations (12)

* Cited by examiner, † Cited by third party
Title
Alexander Ames et al., Richer File System Metadata Using Links and Attributes, Proceedings of the 22nd IEEE, 13th NASA Goddard Conference on Mass Storage Systems and Technologies, Apr. 2005, Monterey, California. *
Alexander Ames, Nikhil Bobb, Scott A. Brandt, Adam Iliatt, , "Richer File System Metadata Using Links and Attributes", Proceedings of the 22nd IEEE/13th NASA Goddard Conference on Mass Storage Systems and Technologies p. 102-109, 2005.
Alexander K. Ames, University of California, Santa Cruz, 2004, http://www.cs.ucsc.edu/~sasha/proj/fafs.pdf. *
Alexander K. Ames, University of California, Santa Cruz, 2004, http://www.cs.ucsc.edu/˜sasha/proj/fafs.pdf. *
Azagury A., Factor E.F., and Mandler B(2000). XMLFS: an XML-Aware File System. ACM SIGIR workshop on XML and Information Retrieval.
Azagury A., Factor E.F., Kraus N., Loy I., Mandler B., "Index Infrastructure for an XML Repository", in the ACM SIGIR 2002 XML and IR workshop notes, Tampere, Finland, Aug. 2002.
Azagury A., Factor E.F., Maarek Y.S, and Mandler B, "A Novel Navigation Paradigm for XML Repositories", Journal of the American society for information science and technology, 53(6): 515-525, 2002.
Azagury, Alain et al., "A Novel Navigation Paradigm for XML Repositories", Journal of the American Society for Information Science and Technology, 53(6): 515-525, 2002.
Azagury, Alain et al., "Index Infrastructure for an XML Repository", in the ACM SIGIR 2002 XML and IR workshop notes, Tampere, Finland, Aug. 2002.
Azagury, Alain et al., "XMLFS: An XML-Aware File System", ACM SIGIR Workshop on XML and Information Retrieval, (2000).
David K. Gifford, Pierre Jouvelot, Mark A. Sheldon, James W.O'Toole, Jr., "Semantic File Systems", ACM Operating System Review p. 20-21, 1991.
Gifford, David K. et al., "Semantic File Systems", Programming Systems Research Group, MIT Laboratory for Computer Science, Proceedings of the 13th ACM Symposium on Operating Systems Principles, 1991.

Also Published As

Publication number Publication date
CN100456311C (en) 2009-01-28
US20070027873A1 (en) 2007-02-01
CN1904901A (en) 2007-01-31

Similar Documents

Publication Publication Date Title
US7233959B2 (en) Life-cycle management engine
US7487154B2 (en) Method and apparatus for generating page-level security in a computer generated report
JP4359448B2 (en) System and method for managing file names for file system filter drivers
US6477536B1 (en) Virtual cubes
AU735365B2 (en) A method and apparatus for document management utilizing a messaging system
US7065515B2 (en) System and method for electronically managing composite documents
KR100946055B1 (en) Heterogeneous indexing for annotation systems
JP2739029B2 (en) How to control access to the data object
US7539682B2 (en) Multilevel secure database
JP2007526528A (en) Multi-volume file support
US20030101200A1 (en) Distributed file sharing system and a file access control method of efficiently searching for access rights
JP4787149B2 (en) System and method for hierarchical role-based qualification
US6952692B1 (en) Execution of requests in a parallel database system
US8150897B2 (en) Computer file system driver control method, program thereof, and program recording medium
US5113442A (en) Method and apparatus for providing access control in a secure operating system
US20150040185A1 (en) Visualization of access permission status
US7127470B2 (en) Documents control apparatus that can share document attributes
JP4571746B2 (en) System and method for selectively defining access to application functions
US7734638B2 (en) File system updating metadata of files according to results of keyword search
US7480677B2 (en) System and program for maintaining a namespace of filesets accessible to clients over a network
EP1058873B1 (en) File access control in a multi-protocol file server
AU2006200199B2 (en) Discoverability and enumeration mechanisms in a hierarchically secure storage system
US20040193606A1 (en) Policy setting support tool
US20020087859A1 (en) Trust management systems and methods
JP4559158B2 (en) Method and system for accessing data

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:FACTOR, MICHAEL;MANDLER, BENJAMIN;KRAUS, NAAMA;REEL/FRAME:016623/0381;SIGNING DATES FROM 20050712 TO 20050717

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:FACTOR, MICHAEL;MANDLER, BENJAMIN;KRAUS, NAAMA;SIGNING DATES FROM 20050712 TO 20050717;REEL/FRAME:016623/0381

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4